A Toronto Web hosting company says it will demand the removal of Internet surveillance software on its servers if there’s proof customers loaded the application there.
“Because it’s a very clear violation of our acceptable use policy we would terminate those users,” Michael Carr, executive vice-president of SoftCom Inc., said in an interview Thursday.
Researchers at the University of Toronto’s Citizen Lab said this week that surveillance software called FinFisher –made by a German-based company which says it sells only to law enforcement agencies –turned up on command and control servers hosted by SoftCom here and on servers in 24 other countries.
Who’s using spyware on Toronto servers?
Citizen Lab says a number of governments use FinFisher, made by a division of Gamma International GmbH and its remote monitoring product, FinSpy, against their residents.
Carr said SoftCom, whose service provider business is called myhosting.com, can’t verify that the software actually is on its servers because the Citizen Lab report only details part of IP addresses it tracked that have FinSpy signatures.
It would be impossible to scan all of its servers without the full address, Carr said. Nor can it scan for applications.
It doesn’t matter if a Canadian law enforcement or intelligence agency is lawfully using the software, he added. myhosting.com’s acceptable use policy forbids “spyware or any related software that records a user’s activities without their permission and forwards that information via the Internet.”
Although the policy says violations may result in the cancelling of service, Carr was firm. “We do not as a business want that type of activity on any our servers. And we’re very clear about that.”
Carr said SoftCom staff were surprised to hear about the claim that the software is on its servers here. It only found out by reading a newspaper article Thursday morning. Citizen Lab didn’t contact the provider before publishing its report on Wednesday.
Understanding how IBM Spectrum Protect enables hybrid data protection
Abdicating your company’s data protection responsibilities to the first cloud solution provider you encounter is just as unwise as doing nothing at all to leverage the cloud. On the other hand, it can be a wise decision to investigate what results you might achieve by choosing a backup technology that is capable of supporting a hybrid protection approach capable of covering both on-premises technology and offsite cloud capabilities.